kalniss

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Great. So I will continue to use my AVG! I know how I got infected; it was a stupid action on my part, and I knew that instant what I had done. Well, I guess you live and you learn. All in all, I believe I know how to behave safely online. Anyway, after cleanup and uninstallation of ComboFix there are three more folders on my C and A drives that seem to be related to all the actions taken to remove the infection. In particular I'm worried about folders named TDSSKiller_Quarantine and found.000. Can/should I delete those? Again, thank you very much for the help! Cheers!
  2. Ok, updates are done. So as I understand it, everything looks clean and there should be no security risks, right? I can use my e-mail, Facebook and online banking, no problem? Or is there a chance that someone can still steal my personal info? Also, what is the possibility that it has already been stolen? Can I uninstall all the software I downloaded as instructed? What about all the different files and folders that have been created in the process? Be that as it may, thank you for your help so far. You have been a great help. K.
  3. Ok, it did take a while. Here's what it found:

     C:\TDSSKiller_Quarantine\30.05.2013_23.00.34\rtkt0000\zafs0000\tsk0001.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\30.05.2013_23.00.34\rtkt0000\zafs0000\tsk0006.dta Win32/Conedex.D trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\30.05.2013_23.00.34\rtkt0000\zafs0000\tsk0008.dta Win32/Conedex.E trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\30.05.2013_23.00.34\rtkt0000\zafs0000\tsk0009.dta Win32/Sirefef.FA trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\30.05.2013_23.00.34\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.FV trojan cleaned by deleting - quarantined

     Looks like nothing new, just something that TDSSKiller had already quarantined. So, how does it look now?
  4. All processes killed
     ========== OTL ==========
     ADS C:\ProgramData\TEMP:94A19129 deleted successfully.
     ADS C:\ProgramData\TEMP:A1063995 deleted successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->Flash cache emptied: 56475 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Kaspars
     ->Temp folder emptied: 3053768 bytes
     ->Temporary Internet Files folder emptied: 1472143 bytes
     ->Java cache emptied: 3682478 bytes
     ->FireFox cache emptied: 101245294 bytes
     ->Google Chrome cache emptied: 246625664 bytes
     ->Apple Safari cache emptied: 18015232 bytes
     ->Flash cache emptied: 115878 bytes
     User: Public
     ->Temp folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 2176 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 890839 bytes
     Total Files Cleaned = 358,00 mb
     [EMPTYJAVA]
     User: All Users
     User: Default
     User: Default User
     User: Kaspars
     ->Java cache emptied: 0 bytes
     User: Public
     Total Java Files Cleaned = 0,00 mb
     [EMPTYFLASH]
     User: All Users
     User: Default
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Flash cache emptied: 0 bytes
     User: Kaspars
     ->Flash cache emptied: 0 bytes
     User: Public
     Total Flash Files Cleaned = 0,00 mb
     OTL by OldTimer - Version 3.2.69.0 log created on 06012013_013205
     Files\Folders moved on Reboot...
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
  5. OTL logfile created on: 2013.06.01. 0:04:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kaspars\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000426 | Country: Latvija | Language: LVI | Date Format: yyyy.MM.dd. 3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,22% Memory free 5,99 Gb Paging File | 4,84 Gb Available in Paging File | 80,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 78,42 Gb Total Space | 25,75 Gb Free Space | 32,84% Space Free | Partition Type: NTFS Computer Name: TOSIS | User Name: Kaspars | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.01 00:02:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaspars\Desktop\OTL.exe PRC - [2013.05.10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe PRC - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG2013\avgwdsvc.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.02.19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcfgex.exe PRC - [2012.11.22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.06.26 13:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.06.11 11:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012.06.11 11:33:10 | 000,148,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe PRC - [2012.06.11 11:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2011.05.18 16:56:08 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2011.02.25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.13 07:29:06 | 000,840,000 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe PRC - [2010.12.09 15:52:46 | 002,749,856 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2010.11.19 06:50:32 | 002,885,056 | ---- | M] (TOSHIBA CORPORATION.) 
-- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2010.11.02 05:38:00 | 000,341,392 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2010.09.06 11:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2010.08.23 11:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2010.08.23 11:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2010.04.12 05:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2009.04.03 13:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2009.03.27 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe PRC - [2008.06.20 02:14:00 | 000,200,704 | ---- | M] (Synaptics, Inc.) 
-- C:\Program Files\Synaptics\SynTP\SynToshiba.exe PRC - [2007.04.17 14:43:16 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006.11.13 04:06:54 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe PRC - [2006.11.06 12:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ========== Modules (No Company Name) ========== MOD - [2013.05.28 22:11:18 | 000,225,280 | ---- | M] () -- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll MOD - [2012.06.26 13:11:10 | 000,345,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll MOD - [2012.06.26 13:11:08 | 000,282,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll MOD - [2012.06.26 13:11:02 | 008,197,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll MOD - [2012.06.26 13:11:00 | 002,302,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll MOD - [2012.06.26 13:10:58 | 000,202,328 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll MOD - [2012.06.26 13:10:58 | 000,027,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll MOD - [2011.06.24 16:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 16:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2006.11.06 12:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ========== Services (SafeList) ========== SRV - [2013.05.15 13:03:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013.05.10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.20 16:32:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.03.28 16:49:13 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.12.02 21:11:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.04.12 05:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009.07.13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- 
(SensrSvc) SRV - [2009.07.13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.27 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007.04.17 14:43:16 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Kaspars\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013.05.30 23:02:40 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013.03.29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2013.03.21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2013.03.01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2013.02.08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2013.02.08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2013.02.08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2013.02.08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2013.02.08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2012.06.11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.05.10 02:06:14 | 000,018,432 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.12.11 19:08:40 | 000,234,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2010.12.02 14:29:00 | 000,056,760 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2010.11.29 06:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2010.11.20 07:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.11.11 05:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2010.08.30 05:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2010.08.19 15:42:38 | 000,074,832 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SPTD.SYS -- (sptd) DRV - [2010.06.18 11:44:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2010.04.26 06:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2009.07.30 16:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) DRV - [2009.07.24 06:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2009.07.21 09:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.07.13 20:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.07.13 19:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.06.17 06:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2009.03.27 09:52:00 | 007,545,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.11.09 00:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007.01.26 12:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2007.01.24 02:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lv-LV IE - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 19 55 BD B7 2F CE 01 [binary data] IE - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE 
- HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://mysql.soon.lv/eklinda/" FF - prefs.js..extensions.enabledAddons: avg@toolbar:14.2.0.1 FF - prefs.js..extensions.enabledAddons: firebug@software.joehewitt.com:1.9.2 FF - prefs.js..extensions.enabledAddons: https-everywhere@eff.org:3.1.4 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kaspars\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kaspars\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kaspars\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2013.03.16 18:59:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.02 11:16:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 21:09:45 | 000,000,000 | ---D | M] [2011.02.17 05:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaspars\AppData\Roaming\Mozilla\Extensions [2011.02.17 05:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaspars\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn [2013.03.28 17:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaspars\AppData\Roaming\Mozilla\Firefox\Profiles\x022xa6b.default\extensions [2011.01.27 10:01:47 | 000,000,000 | ---D | M] (Torbutton) -- 
C:\Users\Kaspars\AppData\Roaming\Mozilla\Firefox\Profiles\x022xa6b.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2013.03.28 16:29:23 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Kaspars\AppData\Roaming\Mozilla\Firefox\Profiles\x022xa6b.default\extensions\https-everywhere@eff.org [2013.03.25 14:48:45 | 001,335,949 | ---- | M] () (No name found) -- C:\Users\Kaspars\AppData\Roaming\Mozilla\Firefox\Profiles\x022xa6b.default\extensions\firebug@software.joehewitt.com.xpi [2013.03.28 17:46:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- C:\USERS\KASPARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X022XA6B.DEFAULT\EXTENSIONS\AVG@TOOLBAR [2013.03.28 16:49:14 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.03.28 16:49:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.03.28 16:49:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.pandora.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kaspars\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kaspars\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kaspars\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = 
C:\Users\Kaspars\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Media Hint = C:\Users\Kaspars\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.12_0\
CHR - Extension: YouTube = C:\Users\Kaspars\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Kaspars\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Kaspars\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.05.31 01:24:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001..\Run: [Facebook Update] C:\Users\Kaspars\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.42.4.204 200.49.130.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67DEF535-16C2-4DB5-88EF-D7A63E5793FB}: DhcpNameServer = 200.42.4.204 200.49.130.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEEA6FAA-3736-4FEC-8875-49DF021D7414}: DhcpNameServer = 213.110.77.2 213.110.93.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F58BCF43-D3A5-416E-9DB6-A4F259D27AE9}: DhcpNameServer = 212.93.96.4 212.93.96.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.01 00:02:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kaspars\Desktop\OTL.exe
[2013.05.31 20:48:15 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\Desktop\RK_Quarantine
[2013.05.31 03:10:15 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Roaming\AVG2013
[2013.05.31 03:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.05.31 03:09:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.05.31 03:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.05.31 03:03:43 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Local\MFAData
[2013.05.31 03:03:43 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Local\Avg2013
[2013.05.31 03:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2013.05.31 01:30:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.31 01:24:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.05.31 01:21:44 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Local\temp
[2013.05.31 00:58:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.31 00:58:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.31 00:58:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.31 00:58:13 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Roaming\TuneUp Software
[2013.05.31 00:55:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.31 00:55:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.30 23:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.05.30 23:05:11 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\Desktop\mbar-1.06.0.1003
[2013.05.30 23:01:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.05.30 23:00:20 | 002,240,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kaspars\Desktop\tdsskiller.exe
[2013.05.30 23:00:19 | 005,074,935 | R--- | C] (Swearware) -- C:\Users\Kaspars\Desktop\ComboFix.exe
[2013.05.30 20:02:11 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Roaming\Malwarebytes
[2013.05.30 20:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.30 20:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.30 20:02:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.30 20:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.30 20:01:53 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Local\Programs
[2013.05.29 15:21:37 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2013.05.28 22:11:06 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
[2013.05.28 22:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\x264 Video Codec
[2013.05.25 18:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Sublime Text 2
[2013.05.25 14:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MetaQuotes
[2013.05.25 14:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\MetaTrader 4 at FOREX.com
[2013.05.21 17:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.20 15:41:52 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2013.05.20 15:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\GTR2
[2013.05.18 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2013.05.18 17:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013.05.16 13:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
[2013.05.16 13:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2013.05.16 03:10:30 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 03:10:29 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 03:10:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 03:10:28 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 03:10:27 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 03:10:26 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 03:10:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 03:10:26 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 03:10:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 03:10:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.15 12:33:51 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 12:33:50 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 12:30:11 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 12:30:02 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 12:30:02 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe

========== Files - Modified Within 30 Days ==========

[2013.06.01 00:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 00:02:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaspars\Desktop\OTL.exe
[2013.05.31 23:13:02 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001UA.job
[2013.05.31 21:50:03 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001UA.job
[2013.05.31 18:16:42 | 000,624,334 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.31 18:16:42 | 000,109,794 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.31 17:41:48 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 17:41:48 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 17:34:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.31 17:34:03 | 2414,436,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.31 03:09:34 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.05.31 01:24:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.30 23:02:40 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.05.30 20:02:08 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.30 16:55:50 | 013,169,742 | ---- | M] () -- C:\Users\Kaspars\Desktop\mbar-1.06.0.1003.zip
[2013.05.30 16:54:40 | 000,890,839 | ---- | M] () -- C:\Users\Kaspars\Desktop\SecurityCheck.exe
[2013.05.30 16:54:18 | 005,074,935 | R--- | M] (Swearware) -- C:\Users\Kaspars\Desktop\ComboFix.exe
[2013.05.30 16:51:22 | 002,240,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kaspars\Desktop\tdsskiller.exe
[2013.05.29 15:50:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001Core.job
[2013.05.28 10:13:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001Core.job
[2013.05.26 14:10:00 | 000,003,082 | ---- | M] () -- C:\Users\Kaspars\Desktop\class generator.mq4
[2013.05.25 16:30:16 | 000,003,134 | ---- | M] () -- C:\Users\Kaspars\Desktop\Linear Regression.mq4
[2013.05.20 15:41:52 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2013.05.16 03:32:54 | 003,781,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 13:03:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 13:03:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013.05.31 03:09:34 | 000,000,895 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.05.31 00:58:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.31 00:58:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.31 00:58:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.31 00:58:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.31 00:58:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.30 23:00:20 | 000,890,839 | ---- | C] () -- C:\Users\Kaspars\Desktop\SecurityCheck.exe
[2013.05.30 23:00:19 | 013,169,742 | ---- | C] () -- C:\Users\Kaspars\Desktop\mbar-1.06.0.1003.zip
[2013.05.30 20:02:08 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.26 20:03:10 | 000,003,134 | ---- | C] () -- C:\Users\Kaspars\Desktop\Linear Regression.mq4
[2013.05.26 20:02:44 | 000,003,082 | ---- | C] () -- C:\Users\Kaspars\Desktop\class generator.mq4
[2013.05.25 18:09:22 | 000,000,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 2.lnk
[2013.04.30 11:55:09 | 000,003,865 | ---- | C] () -- C:\Users\Kaspars\AppData\Local\recently-used.xbel
[2013.04.20 17:06:49 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2013.04.20 17:06:49 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2013.04.20 17:06:49 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2013.04.20 17:06:49 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2013.04.08 13:01:30 | 000,052,171 | ---- | C] () -- C:\Windows\RFC4DPluginUninstall.exe
[2013.03.08 21:32:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.03.08 21:31:47 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013.02.10 11:15:02 | 000,247,920 | ---- | C] () -- C:\Windows\System32\avutil-lav-52.dll
[2013.02.10 11:15:02 | 000,165,160 | ---- | C] () -- C:\Windows\System32\avresample-lav-1.dll
[2011.12.07 16:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011.11.08 06:00:31 | 000,000,132 | ---- | C] () -- C:\Users\Kaspars\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.11.02 11:31:59 | 000,001,631 | ---- | C] () -- C:\Users\Kaspars\.bash_history
[2011.10.12 11:23:34 | 000,354,304 | ---- | C] () -- C:\Windows\System32\pythoncom27.dll
[2011.10.12 11:23:34 | 000,110,592 | ---- | C] () -- C:\Windows\System32\pywintypes27.dll
[2011.09.07 04:54:57 | 000,000,081 | ---- | C] () -- C:\Users\Kaspars\.gitconfig
[2011.08.28 15:20:10 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2011.08.02 08:50:32 | 000,162,696 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.07.20 08:56:33 | 000,009,898 | ---- | C] () -- C:\Users\Kaspars\_viminfo
[2011.06.24 00:58:32 | 000,242,259 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.01 10:59:13 | 000,000,390 | ---- | C] () -- C:\Users\Kaspars\gate.session
[2011.06.01 10:59:11 | 000,000,573 | ---- | C] () -- C:\Users\Kaspars\gate.xml
[2011.05.23 04:39:32 | 000,000,132 | ---- | C] () -- C:\Users\Kaspars\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.02.10 10:53:50 | 000,002,913 | ---- | C] () -- C:\Users\Kaspars\jtview.xml
[2011.01.21 03:40:45 | 000,013,824 | ---- | C] () -- C:\Users\Kaspars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.13 09:40:39 | 000,000,600 | ---- | C] () -- C:\Users\Kaspars\AppData\Local\PUTTY.RND
[2010.12.10 12:23:10 | 000,000,000 | ---- | C] () -- C:\Users\Kaspars\.javafx_eula_accepted
[2010.12.08 08:58:26 | 000,001,456 | ---- | C] () -- C:\Users\Kaspars\AppData\Local\Adobe Save for Web 12.0 Prefs

========== ZeroAccess Check ==========

[2009.07.14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A1063995

< End of report >

OTL Extras logfile created on: 2013.06.01. 0:04:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kaspars\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000426 | Country: Latvija | Language: LVI | Date Format: yyyy.MM.dd.

3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,22% Memory free
5,99 Gb Paging File | 4,84 Gb Available in Paging File | 80,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,42 Gb Total Space | 25,75 Gb Free Space | 32,84% Space Free | Partition Type: NTFS

Computer Name: TOSIS | User Name: Kaspars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007B3514-F014-4A1E-9E41-71F6F375C82F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{10807CA6-5176-4F0F-9BAC-1B51DD3079EE}" = lport=139 | protocol=6 | dir=in | app=system |
"{499BD57E-5F70-4443-8179-97E3B7F48169}" = rport=138 | protocol=17 | dir=out | app=system |
"{4FE364F4-A283-4503-BE7E-DEB48653B8FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{53B04255-AA43-4BD2-8A24-337B96B76EF1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76D199CD-B6BD-4A46-91BA-BCA268058A9C}" = lport=137 | protocol=17 | dir=in | app=system |
"{8C28ECF1-61E3-4BF3-ADFC-83D9EB40316E}" = rport=137 | protocol=17 | dir=out | app=system |
"{B9DC7D44-6078-44E2-A36B-AECB17339213}" = rport=139 | protocol=6 | dir=out | app=system |
"{CBF24952-4036-4A1E-9CF5-B2A379AF2C37}" = lport=138 | protocol=17 | dir=in | app=system |
"{DD6825E9-6E2C-4448-9C3B-5065ACB98ADE}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF33AA4B-1A31-4567-8135-3D7D52EA4152}" = rport=445 | protocol=6 | dir=out | app=system |
"{E6982748-22C1-41D6-90F1-BFD2D2A4411B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037F15E9-B8BF-421B-AB82-DD7CD777F58E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{09251B70-BEA1-4ECC-89C2-395A1E8FA106}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{29F9394A-9432-473D-AC0B-68CC4AD644C1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{4217BCA9-16B2-40B7-BE38-90F4CF9C3A4C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{429B9CC0-0CF8-4C20-9E56-757AD6693372}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5263558C-3A58-462C-92FE-F1C2EE156213}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{661D885E-F920-4CE5-A473-F288CA19A54D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{6822CD75-CC3D-41F6-9259-693D0F8F5C2B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A72AFD39-953F-4826-B3F0-3D9DD0B020F9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{B56D32EB-512E-488F-9C6E-662C171B2063}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{E3AA4A42-05B5-41BA-8046-E54DC56A2AA9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{F669A4CC-6575-4A3B-B577-A04D4D9FCB75}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{18B771D0-EC78-4A6A-B1A7-E47B58575BC8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{42CA4328-E20E-4FA3-9380-A0495DCF1F25}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{EC73AA48-676E-4787-AD46-EE4560825DCC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{FCDEEBC5-50DF-4785-B6F1-8EB703712E02}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0297C87B-CC40-446F-865A-031B4FC0CF22}" = Race Driver 3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25F61E72-AAA4-4607-95D2-1E5139C98FFB}" = Nokia_Multimedia_Common_Components_2_5
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java SE Development Kit 6 Update 23
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FCB1267-7380-4EBA-9A6C-69809C6E8227}" = Nokia Music Player
"{56B116A2-FF34-4923-B1A7-1DFAB0B6E186}" = Utility support driver
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5FD4B351-1567-426F-AEB4-08F41E3FA6C5}" = calibre
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9782762F-639B-499B-A23D-5EBEAFC160E6}" = Microsoft Tool Web Package:diskpart.exe
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B3A1BF34-A336-450D-BC3E-3A854AD270A0}" = AVG 2013
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DEE76D44-8D7C-4A32-8FAE-A813817631FC}" = AVG 2013
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Crazybump" = Crazybump (remove only)
"DAEMON Tools Pro" = DAEMON Tools Pro
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"FileZilla Client" = FileZilla Client 3.5.2
"In The Groove" = In The Groove (remove only)
"Inkscape" = Inkscape 0.48.4
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KaM - The Peasants Rebellion" = KaM - The Peasants Rebellion
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MaPZone2.Free" = Allegorithmic MaPZone2.Free
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"networkx-py2.7" = Python 2.7 networkx-1.5
"nltk-py2.7" = Python 2.7 nltk-2.0b9
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"numpy-py2.6" = Python 2.6 numpy-1.4.1
"numpy-py2.7" = Python 2.7 numpy-1.5.1
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDF to Kindle Converter_is1" = PDF to Kindle Converter 3.0.5
"PIL-py2.6" = Python 2.6 PIL-1.1.6
"PIL-py2.7" = Python 2.7 PIL-1.1.7
"pp-py2.7" = Python 2.7 pp-1.6.1
"PyQt GPL v4.5.4 for Python v2.6" = PyQt GPL v4.5.4 for Python v2.6
"PyQt GPL v4.8.1 for Python v2.7" = PyQt GPL v4.8.1 for Python v2.7
"PyQt4.Qwt5-py2.7" = Python 2.7 PyQt4.Qwt5-5.2.1
"PyQwt5" = PyQwt-5.2.0
"pywin32-py2.6" = Python 2.6 pywin32-214
"pywin32-py2.7" = Python 2.7 pywin32-214
"PyYAML-py2.7" = Python 2.7 PyYAML-3.10
"RealFlow 2012" = RealFlow 2012
"RealFlowC4D" = RealFlow Plug-in for Cinema4D
"RegexBuddy 3" = JGsoft RegexBuddy 3 v.3.2.1
"setuptools-py2.6" = Python 2.6 setuptools-0.6c11
"setuptools-py2.7" = Python 2.7 setuptools-0.6c11
"Sublime Text 2_is1" = Sublime Text 2.0.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"Weka 3.6.4" = Weka 3.6.4
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1418722034-3009943260-4089739646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013.05.30. 23:58:01 | Computer Name = Tosis | Source = System Restore | ID = 8193
Description =

Error - 2013.05.30. 23:58:39 | Computer Name = Tosis | Source = System Restore | ID = 8193
Description =

Error - 2013.05.30. 23:58:39 | Computer Name = Tosis | Source = System Restore | ID = 8193
Description =

Error - 2013.05.30. 23:59:05 | Computer Name = Tosis | Source = System Restore | ID = 8193
Description =

Error - 2013.05.31. 2:08:48 | Computer Name = Tosis | Source = System Restore | ID = 8193
Description =

Error - 2013.05.31. 2:08:49 | Computer Name = Tosis | Source = System Restore | ID = 8193
Description =

Error - 2013.05.31. 2:08:55 | Computer Name = Tosis | Source = System Restore | ID = 8193
Description =

Error - 2013.05.31. 2:08:58 | Computer Name = Tosis | Source = System Restore | ID = 8193
Description =

Error - 2013.05.31.
17:00:44 | Computer Name = Tosis | Source = System Restore | ID = 8193 Description = Error - 2013.05.31. 17:04:20 | Computer Name = Tosis | Source = System Restore | ID = 8193 Description = Error - 2013.05.31. 17:50:05 | Computer Name = Tosis | Source = Google Update | ID = 20 Description = [ System Events ] Error - 2013.05.30. 22:58:40 | Computer Name = Tosis | Source = Service Control Manager | ID = 7001 Description = The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: %%1290 Error - 2013.05.30. 22:58:42 | Computer Name = Tosis | Source = Service Control Manager | ID = 7000 Description = The Security Center service failed to start due to the following error: %%1314 Error - 2013.05.30. 23:01:24 | Computer Name = Tosis | Source = Service Control Manager | ID = 7024 Description = The HomeGroup Listener service terminated with service-specific error %%-2147023143. Error - 2013.05.31. 0:00:51 | Computer Name = Tosis | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 2013.05.31. 0:07:26 | Computer Name = Tosis | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 2013.05.31. 0:08:52 | Computer Name = Tosis | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2013.05.31. 0:17:47 | Computer Name = Tosis | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 2013.05.31. 
0:23:37 | Computer Name = Tosis | Source = EventLog | ID = 6008 Description = The previous system shutdown at 1:21:55 on ?2013.?05.?31. was unexpected. Error - 2013.05.31. 0:53:32 | Computer Name = Tosis | Source = EventLog | ID = 6008 Description = The previous system shutdown at 1:50:19 on ?2013.?05.?31. was unexpected. Error - 2013.05.31. 4:56:09 | Computer Name = Tosis | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 < End of report >
  6. Looks like it found something!

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Kaspars [Admin rights]
Mode : Scan -- Date : 05/31/2013 20:52:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 ATA Device +++++
--- User ---
[MBR] dadd07ddb5fdbb68642b2e358eadfda0
[bSP] 5d2c7ac1075dff58bdea5b4c892ba794 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 80302 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 164666250 | Size: 396534 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05312013_02d2052.txt >>
RKreport[1]_S_05312013_02d2052.txt
  7. The rest of logs:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.05.30.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Kaspars :: TOSIS [administrator]

2013.05.30. 23:08:01
mbar-log-2013-05-30 (23-08-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 251185
Time elapsed: 49 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\Windows\$NtUninstallKB11901$\4166637092\L (Backdoor.0Access) -> Delete on reboot.
c:\Windows\$NtUninstallKB11901$\4166637092\U (Backdoor.0Access) -> Delete on reboot.
c:\Windows\$NtUninstallKB11901$\4166637092 (Backdoor.0Access) -> Delete on reboot.

Files Detected: 4
c:\Windows\$NtUninstallKB11901$\4166637092\L\00000004.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\$NtUninstallKB11901$\4166637092\L\201d3dde (Backdoor.0Access) -> Delete on reboot.
c:\Windows\$NtUninstallKB11901$\4166637092\L\76603ac3 (Backdoor.0Access) -> Delete on reboot.
c:\Windows\$NtUninstallKB11901$\4166637092\L\xadqgnnk (Backdoor.0Access) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.05.30.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Kaspars :: TOSIS [administrator]

2013.05.31. 0:01:47
mbar-log-2013-05-31 (00-01-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 251234
Time elapsed: 47 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

ComboFix 13-05-30.02 - Kaspars 013.05.31. 1:08.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.3070.2168 [GMT -3:00]
Running from: c:\users\Kaspars\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
c:\windows\$NtUninstallKB11901$
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-31 )))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-24 08:14 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-08 16:01 . 2013-04-08 16:01 52171 ----a-w- c:\windows\RFC4DPluginUninstall.exe 2013-04-05 06:03 . 2013-04-05 06:03 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-05 06:03 . 2013-04-05 06:03 185344 ----a-w- c:\windows\system32\elshyph.dll 2013-04-05 06:03 . 2013-04-05 06:03 158720 ----a-w- c:\windows\system32\msls31.dll 2013-04-05 06:03 . 2013-04-05 06:03 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-04-05 06:03 . 2013-04-05 06:03 138752 ----a-w- c:\windows\system32\wextract.exe 2013-04-05 06:03 . 2013-04-05 06:03 523264 ----a-w- c:\windows\system32\vbscript.dll 2013-04-05 06:03 . 2013-04-05 06:03 137216 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-05 06:03 . 2013-04-05 06:03 12800 ----a-w- c:\windows\system32\mshta.exe 2013-04-05 06:03 . 2013-04-05 06:03 38400 ----a-w- c:\windows\system32\imgutil.dll 2013-04-05 06:03 . 2013-04-05 06:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-05 06:03 . 2013-04-05 06:03 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-05 06:03 . 2013-04-05 06:03 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-05 06:03 . 2013-04-05 06:03 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-04-05 06:03 . 2013-04-05 06:03 361984 ----a-w- c:\windows\system32\html.iec 2013-04-05 06:03 . 2013-04-05 06:03 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-05 06:03 . 2013-04-05 06:03 23040 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-05 06:03 . 2013-04-05 06:03 1441280 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-05 06:02 . 2013-04-05 06:02 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-04-05 06:02 . 2013-04-05 06:02 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-04-05 06:02 . 2013-04-05 06:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-04-05 06:02 . 
2013-04-05 06:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-04-05 06:02 . 2013-04-05 06:02 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-04-05 06:02 . 2013-04-05 06:02 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-04-05 06:02 . 2013-04-05 06:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-04-05 06:02 . 2013-04-05 06:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-04-05 06:02 . 2013-04-05 06:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-04-05 06:02 . 2013-04-05 06:02 1158144 ----a-w- c:\windows\system32\XpsPrint.dll 2013-04-05 06:02 . 2013-04-05 06:02 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-04-05 06:02 . 2013-04-05 06:02 906240 ----a-w- c:\windows\system32\FntCache.dll 2013-04-05 06:02 . 2013-04-05 06:02 417792 ----a-w- c:\windows\system32\WMPhoto.dll 2013-04-05 06:02 . 2013-04-05 06:02 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-04-05 06:02 . 2013-04-05 06:02 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-04-05 06:02 . 2013-04-05 06:02 1504768 ----a-w- c:\windows\system32\d3d11.dll 2013-04-05 06:02 . 2013-04-05 06:02 249856 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-04-05 06:02 . 2013-04-05 06:02 220160 ----a-w- c:\windows\system32\d3d10core.dll 2013-04-05 06:02 . 2013-04-05 06:02 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-04-05 06:02 . 2013-04-05 06:02 1080832 ----a-w- c:\windows\system32\d3d10.dll 2013-04-05 06:02 . 2013-04-05 06:02 604160 ----a-w- c:\windows\system32\d3d10level9.dll 2013-04-05 06:02 . 2013-04-05 06:02 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2013-04-05 06:02 . 2013-04-05 06:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-04-05 06:02 . 2013-04-05 06:02 3419136 ----a-w- c:\windows\system32\d2d1.dll 2013-04-05 06:02 . 
2013-04-05 06:02 293376 ----a-w- c:\windows\system32\dxgi.dll 2013-04-05 06:02 . 2013-04-05 06:02 1988096 ----a-w- c:\windows\system32\d3d10warp.dll 2013-04-05 06:02 . 2013-04-05 06:02 187392 ----a-w- c:\windows\system32\UIAnimation.dll 2013-04-04 08:35 . 2013-04-30 17:50 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-19 05:04 . 2013-04-10 06:15 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 06:15 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 04:48 . 2013-04-10 06:15 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 02:49 . 2013-04-10 06:15 69632 ----a-w- c:\windows\system32\smss.exe 2013-03-09 01:56 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2013-03-08 21:57 . 2012-12-14 09:56 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-08 21:57 . 2010-12-10 15:15 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-28 19:49 . 2011-05-31 10:46 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaIconsOverlay] @="{1EC23CFF-4C58-458f-924C-8519AEF61B32}" [HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}] 2013-05-29 01:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2006-11-13 413696] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-01-13 840000] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632] "Facebook Update"="c:\users\Kaspars\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-04 138096] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13601312] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-12-9 2749856] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . 
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . Contents of the 'Scheduled Tasks' folder . 2013-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-06 16:03] . 
2013-05-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001Core.job - c:\users\Kaspars\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-04 18:45] . 2013-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001UA.job - c:\users\Kaspars\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-04 18:45] . 2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001Core.job - c:\users\Kaspars\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 15:14] . 2013-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001UA.job - c:\users\Kaspars\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 15:14] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 200.42.4.204 200.49.130.41 FF - ProfilePath - c:\users\Kaspars\AppData\Roaming\Mozilla\Firefox\Profiles\x022xa6b.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://mysql.soon.lv/eklinda/ . - - - - ORPHANS REMOVED - - - - . 
HKCU-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe SafeBoot-04407837.sys AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:e6,05,a7,89,08,f4,81,fb,a1,e1,5b,fd,87,02,e9,3c,a1,b3,f7,33,85, 37,92,49,24,f4,12,3e,47,aa,7e,b9,fe,35,e8,99,fd,76,be,97,cd,81,c0,bc,5c,98,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:e6,05,a7,89,08,f4,81,fb,a1,e1,5b,fd,87,02,e9,3c,a1,b3,f7,33,85, 37,92,49,24,f4,12,3e,47,aa,7e,b9,fe,35,e8,99,fd,76,be,97,cd,81,c0,bc,5c,98,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare\Wondershare Helper Compact\1179606866\_PROCESSORS=2*OS=Windows_NT*Path=c:\users\Kaspars\AppData\Local\Google\Chrome\Application;c:\python27\Lib\site-packages\PyQt4\bin;c:\program files\NVIDIA Corporation\PhysX\Common;c:\program files\PC Connectivity Solution\;c:\windows\system32;C:\Windows;C:] "JoinUserExperience"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(4936) c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\LSI SoftModem\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe c:\windows\system32\conhost.exe c:\windows\System32\rundll32.exe c:\program files\Synaptics\SynTP\SynToshiba.exe c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe 
c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2013-05-31 01:30:46 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-31 04:30 . Pre-Run: 23 624 122 368 bytes free Post-Run: 28 226 064 384 bytes free . - - End Of File - - C7D44D8E0277163CA0EC45449D14EC41 Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java DB 10.5.3.0 Java™ 6 Update 23 Java 7 Update 21 Java™ SE Development Kit 6 Update 23 Adobe Flash Player 11.7.700.202 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox 12.0 Firefox out of Date! Google Chrome 26.0.1410.64 Google Chrome 27.0.1453.94 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 7% ````````````````````End of Log``````````````````````
  8. Hey, nice to hear from you. Ok, I did all the steps you said. Below are all the log files. So far it seems that it fixed things. Computer works again. I still have three questions. I read that after a rootkit a system can never be trusted again, that is, there still might be some hidden malware that can't be detected. So the question is, how safe am I, how safe is my personal data now? Do I maybe have to format everything and reinstall? In that case, what is the safest way to get all the files from the system that I don't want to lose? The other question is, should I perform all the steps on my other computer, the one I plugged the infected hard drive into as an external drive? What is the best way to protect my computer from now on? P.S. Although the Combofix log file says that AVG was running during its scan, it wasn't. It was disabled, and after it repeatedly warned me that it was running I uninstalled it before starting Combofix. Ok, log files.
dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 23:01:02.0472 4020 Suspicious file (Forged): C:\Windows\system32\DRIVERS\dtsoftbus01.sys. Real md5: FA0D92F039005F01EF6C5429052222DB, Fake md5: 87B0F28C43B50BBB917F4400FA63CD31 23:01:02.0472 4020 dtsoftbus01 ( Virus.Win32.ZAccess.aml ) - infected 23:01:02.0472 4020 dtsoftbus01 - detected Virus.Win32.ZAccess.aml (0) 23:01:02.0519 4020 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:01:02.0519 4020 DXGKrnl - ok 23:01:02.0566 4020 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 23:01:02.0566 4020 EapHost - ok 23:01:02.0659 4020 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 23:01:02.0690 4020 ebdrv - ok 23:01:02.0737 4020 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 23:01:02.0737 4020 EFS - ok 23:01:02.0815 4020 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:01:02.0815 4020 ehRecvr - ok 23:01:02.0846 4020 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 23:01:02.0846 4020 ehSched - ok 23:01:02.0893 4020 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 23:01:02.0893 4020 elxstor - ok 23:01:02.0909 4020 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 23:01:02.0909 4020 ErrDev - ok 23:01:02.0956 4020 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 23:01:02.0971 4020 EventSystem - ok 23:01:03.0002 4020 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 23:01:03.0002 4020 exfat - ok 23:01:03.0018 4020 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:01:03.0034 4020 fastfat - ok 23:01:03.0080 4020 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 23:01:03.0080 4020 Fax - ok 23:01:03.0112 4020 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc 
C:\Windows\system32\DRIVERS\fdc.sys 23:01:03.0112 4020 fdc - ok 23:01:03.0143 4020 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 23:01:03.0143 4020 fdPHost - ok 23:01:03.0158 4020 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 23:01:03.0158 4020 FDResPub - ok 23:01:03.0174 4020 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:01:03.0174 4020 FileInfo - ok 23:01:03.0190 4020 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:01:03.0190 4020 Filetrace - ok 23:01:03.0268 4020 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 23:01:03.0283 4020 FLEXnet Licensing Service - ok 23:01:03.0299 4020 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:01:03.0314 4020 flpydisk - ok 23:01:03.0330 4020 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:01:03.0330 4020 FltMgr - ok 23:01:03.0408 4020 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll 23:01:03.0408 4020 FontCache - ok 23:01:03.0470 4020 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 23:01:03.0470 4020 FontCache3.0.0.0 - ok 23:01:03.0502 4020 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 23:01:03.0502 4020 FsDepends - ok 23:01:03.0533 4020 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:01:03.0533 4020 Fs_Rec - ok 23:01:03.0580 4020 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:01:03.0580 4020 fvevol - ok 23:01:03.0611 4020 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 23:01:03.0611 4020 gagp30kx - ok 23:01:03.0642 4020 [ 
185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:01:03.0658 4020 GEARAspiWDM - ok 23:01:03.0767 4020 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 23:01:03.0767 4020 gpsvc - ok 23:01:03.0814 4020 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:01:03.0814 4020 hcw85cir - ok 23:01:03.0892 4020 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:01:03.0892 4020 HdAudAddService - ok 23:01:03.0923 4020 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 23:01:03.0923 4020 HDAudBus - ok 23:01:03.0954 4020 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 23:01:03.0970 4020 HidBatt - ok 23:01:03.0985 4020 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 23:01:03.0985 4020 HidBth - ok 23:01:04.0016 4020 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 23:01:04.0016 4020 HidIr - ok 23:01:04.0048 4020 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 23:01:04.0048 4020 hidserv - ok 23:01:04.0094 4020 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys 23:01:04.0094 4020 HidUsb - ok 23:01:04.0141 4020 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:01:04.0141 4020 hkmsvc - ok 23:01:04.0188 4020 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 23:01:04.0188 4020 HomeGroupListener - ok 23:01:04.0235 4020 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:01:04.0235 4020 HomeGroupProvider - ok 23:01:04.0282 4020 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 23:01:04.0282 4020 HpSAMD - ok 23:01:04.0344 4020 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 
23:01:04.0360 4020 HTTP - ok 23:01:04.0375 4020 hwdatacard - ok 23:01:04.0391 4020 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 23:01:04.0391 4020 hwpolicy - ok 23:01:04.0406 4020 hwusbfake - ok 23:01:04.0469 4020 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 23:01:04.0469 4020 i8042prt - ok 23:01:04.0500 4020 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 23:01:04.0500 4020 iaStorV - ok 23:01:04.0609 4020 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 23:01:04.0609 4020 IDriverT - ok 23:01:04.0734 4020 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 23:01:04.0734 4020 idsvc - ok 23:01:04.0781 4020 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 23:01:04.0781 4020 iirsp - ok 23:01:04.0812 4020 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 23:01:04.0828 4020 IKEEXT - ok 23:01:04.0937 4020 [ E4A2E810CB2607C9C159C0DFB0BD4C88 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 23:01:04.0952 4020 IntcAzAudAddService - ok 23:01:04.0999 4020 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 23:01:04.0999 4020 intelide - ok 23:01:05.0046 4020 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:01:05.0046 4020 intelppm - ok 23:01:05.0093 4020 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:01:05.0093 4020 IPBusEnum - ok 23:01:05.0108 4020 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:01:05.0108 4020 IpFilterDriver - ok 23:01:05.0140 4020 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 23:01:05.0140 4020 IPMIDRV - ok 23:01:05.0171 4020 
[ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 23:01:05.0171 4020 IPNAT - ok 23:01:05.0233 4020 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 23:01:05.0233 4020 iPod Service - ok 23:01:05.0264 4020 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:01:05.0264 4020 IRENUM - ok 23:01:05.0311 4020 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 23:01:05.0311 4020 isapnp - ok 23:01:05.0342 4020 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 23:01:05.0358 4020 iScsiPrt - ok 23:01:05.0389 4020 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 23:01:05.0389 4020 kbdclass - ok 23:01:05.0405 4020 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 23:01:05.0405 4020 kbdhid - ok 23:01:05.0420 4020 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 23:01:05.0436 4020 KeyIso - ok 23:01:05.0467 4020 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:01:05.0467 4020 KSecDD - ok 23:01:05.0483 4020 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 23:01:05.0483 4020 KSecPkg - ok 23:01:05.0514 4020 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 23:01:05.0530 4020 KtmRm - ok 23:01:05.0561 4020 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 23:01:05.0561 4020 LanmanServer - ok 23:01:05.0608 4020 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:01:05.0623 4020 LanmanWorkstation - ok 23:01:05.0654 4020 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:01:05.0654 4020 lltdio - ok 23:01:05.0732 4020 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:01:05.0732 4020 lltdsvc - ok 
23:01:05.0748 4020 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 23:01:05.0748 4020 lmhosts - ok 23:01:05.0779 4020 [ 6ADAB14D7AD12B35BDC665B35278099B ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys 23:01:05.0779 4020 LPCFilter - ok 23:01:05.0810 4020 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 23:01:05.0826 4020 LSI_FC - ok 23:01:05.0842 4020 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:01:05.0842 4020 LSI_SAS - ok 23:01:05.0873 4020 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:01:05.0873 4020 LSI_SAS2 - ok 23:01:05.0888 4020 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:01:05.0888 4020 LSI_SCSI - ok 23:01:05.0920 4020 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 23:01:05.0920 4020 luafv - ok 23:01:05.0951 4020 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 23:01:05.0951 4020 MBAMProtector - ok 23:01:05.0998 4020 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 23:01:05.0998 4020 MBAMScheduler - ok 23:01:06.0029 4020 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 23:01:06.0044 4020 MBAMService - ok 23:01:06.0076 4020 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:01:06.0076 4020 Mcx2Svc - ok 23:01:06.0107 4020 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 23:01:06.0107 4020 megasas - ok 23:01:06.0122 4020 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 23:01:06.0138 4020 MegaSR - ok 23:01:06.0169 4020 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 23:01:06.0169 4020 MMCSS - ok 23:01:06.0185 4020 [ F001861E5700EE84E2D4E52C712F4964 ] 
Modem C:\Windows\system32\drivers\modem.sys 23:01:06.0185 4020 Modem - ok 23:01:06.0200 4020 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:01:06.0200 4020 monitor - ok 23:01:06.0232 4020 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys 23:01:06.0232 4020 mouclass - ok 23:01:06.0247 4020 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:01:06.0247 4020 mouhid - ok 23:01:06.0294 4020 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:01:06.0294 4020 mountmgr - ok 23:01:06.0372 4020 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 23:01:06.0372 4020 MozillaMaintenance - ok 23:01:06.0403 4020 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 23:01:06.0419 4020 mpio - ok 23:01:06.0434 4020 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:01:06.0434 4020 mpsdrv - ok 23:01:06.0466 4020 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:01:06.0481 4020 MRxDAV - ok 23:01:06.0528 4020 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:01:06.0528 4020 mrxsmb - ok 23:01:06.0559 4020 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:01:06.0575 4020 mrxsmb10 - ok 23:01:06.0590 4020 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:01:06.0590 4020 mrxsmb20 - ok 23:01:06.0637 4020 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 23:01:06.0637 4020 msahci - ok 23:01:06.0653 4020 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 23:01:06.0653 4020 msdsm - ok 23:01:06.0715 4020 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 23:01:06.0715 4020 MSDTC - ok 
23:01:06.0778 4020 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:01:06.0778 4020 Msfs - ok 23:01:06.0793 4020 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:01:06.0793 4020 mshidkmdf - ok 23:01:06.0809 4020 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 23:01:06.0809 4020 msisadrv - ok 23:01:06.0856 4020 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:01:06.0871 4020 MSiSCSI - ok 23:01:06.0887 4020 msiserver - ok 23:01:06.0918 4020 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:01:06.0918 4020 MSKSSRV - ok 23:01:06.0934 4020 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:01:06.0934 4020 MSPCLOCK - ok 23:01:06.0980 4020 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:01:06.0980 4020 MSPQM - ok 23:01:07.0012 4020 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:01:07.0012 4020 MsRPC - ok 23:01:07.0074 4020 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 23:01:07.0074 4020 mssmbios - ok 23:01:07.0074 4020 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:01:07.0090 4020 MSTEE - ok 23:01:07.0105 4020 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:01:07.0105 4020 MTConfig - ok 23:01:07.0121 4020 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 23:01:07.0121 4020 Mup - ok 23:01:07.0168 4020 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 23:01:07.0183 4020 napagent - ok 23:01:07.0230 4020 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:01:07.0230 4020 NativeWifiP - ok 23:01:07.0277 4020 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS 
C:\Windows\system32\drivers\ndis.sys 23:01:07.0292 4020 NDIS - ok 23:01:07.0308 4020 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:01:07.0308 4020 NdisCap - ok 23:01:07.0355 4020 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:01:07.0355 4020 NdisTapi - ok 23:01:07.0402 4020 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:01:07.0402 4020 Ndisuio - ok 23:01:07.0433 4020 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:01:07.0448 4020 NdisWan - ok 23:01:07.0480 4020 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:01:07.0480 4020 NDProxy - ok 23:01:07.0511 4020 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys 23:01:07.0526 4020 Netaapl - ok 23:01:07.0558 4020 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:01:07.0558 4020 NetBIOS - ok 23:01:07.0589 4020 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:01:07.0604 4020 NetBT - ok 23:01:07.0604 4020 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 23:01:07.0604 4020 Netlogon - ok 23:01:07.0651 4020 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 23:01:07.0651 4020 Netman - ok 23:01:07.0667 4020 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 23:01:07.0682 4020 netprofm - ok 23:01:07.0729 4020 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:01:07.0729 4020 NetTcpPortSharing - ok 23:01:07.0838 4020 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys 23:01:07.0916 4020 netw5v32 - ok 23:01:07.0948 4020 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:01:07.0948 4020 
nfrd960 - ok 23:01:07.0979 4020 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 23:01:07.0994 4020 NlaSvc - ok 23:01:08.0041 4020 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys 23:01:08.0041 4020 nmwcd - ok 23:01:08.0072 4020 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys 23:01:08.0072 4020 nmwcdc - ok 23:01:08.0088 4020 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:01:08.0104 4020 Npfs - ok 23:01:08.0119 4020 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 23:01:08.0119 4020 nsi - ok 23:01:08.0150 4020 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:01:08.0150 4020 nsiproxy - ok 23:01:08.0213 4020 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:01:08.0228 4020 Ntfs - ok 23:01:08.0244 4020 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 23:01:08.0244 4020 Null - ok 23:01:08.0447 4020 [ C954388BB78AA4E2B09F70771F86B115 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 23:01:08.0603 4020 nvlddmkm - ok 23:01:08.0665 4020 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 23:01:08.0681 4020 nvraid - ok 23:01:08.0696 4020 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 23:01:08.0712 4020 nvstor - ok 23:01:08.0743 4020 [ 5A8DAE04B047BA34A084E595B8F9C7EB ] nvsvc C:\Windows\system32\nvvsvc.exe 23:01:08.0743 4020 nvsvc - ok 23:01:08.0774 4020 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 23:01:08.0774 4020 nv_agp - ok 23:01:08.0806 4020 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 23:01:08.0806 4020 ohci1394 - ok 23:01:08.0852 4020 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:01:08.0868 4020 ose - ok 
23:01:09.0040 4020 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 23:01:09.0164 4020 osppsvc - ok 23:01:09.0196 4020 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:01:09.0211 4020 p2pimsvc - ok 23:01:09.0227 4020 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 23:01:09.0227 4020 p2psvc - ok 23:01:09.0258 4020 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:01:09.0258 4020 Parport - ok 23:01:09.0305 4020 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:01:09.0305 4020 partmgr - ok 23:01:09.0320 4020 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 23:01:09.0320 4020 Parvdm - ok 23:01:09.0352 4020 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 23:01:09.0352 4020 PcaSvc - ok 23:01:09.0398 4020 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys 23:01:09.0398 4020 pccsmcfd - ok 23:01:09.0445 4020 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 23:01:09.0445 4020 pci - ok 23:01:09.0461 4020 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 23:01:09.0461 4020 pciide - ok 23:01:09.0492 4020 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:01:09.0492 4020 pcmcia - ok 23:01:09.0508 4020 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 23:01:09.0508 4020 pcw - ok 23:01:09.0539 4020 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:01:09.0554 4020 PEAUTH - ok 23:01:09.0601 4020 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 23:01:09.0617 4020 PeerDistSvc - ok 23:01:09.0742 4020 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 
23:01:09.0757 4020 pla - ok 23:01:09.0820 4020 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:01:09.0820 4020 PlugPlay - ok 23:01:09.0835 4020 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:01:09.0835 4020 PNRPAutoReg - ok 23:01:09.0851 4020 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:01:09.0851 4020 PNRPsvc - ok 23:01:09.0898 4020 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:01:09.0913 4020 PolicyAgent - ok 23:01:09.0944 4020 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 23:01:09.0944 4020 Power - ok 23:01:09.0976 4020 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:01:09.0976 4020 PptpMiniport - ok 23:01:10.0007 4020 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 23:01:10.0007 4020 Processor - ok 23:01:10.0069 4020 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 23:01:10.0069 4020 ProfSvc - ok 23:01:10.0085 4020 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:01:10.0085 4020 ProtectedStorage - ok 23:01:10.0116 4020 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:01:10.0132 4020 Psched - ok 23:01:10.0178 4020 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:01:10.0194 4020 ql2300 - ok 23:01:10.0225 4020 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:01:10.0241 4020 ql40xx - ok 23:01:10.0272 4020 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 23:01:10.0272 4020 QWAVE - ok 23:01:10.0288 4020 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:01:10.0288 4020 QWAVEdrv - ok 23:01:10.0303 4020 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd 
C:\Windows\system32\DRIVERS\rasacd.sys 23:01:10.0303 4020 RasAcd - ok 23:01:10.0350 4020 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:01:10.0350 4020 RasAgileVpn - ok 23:01:10.0366 4020 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 23:01:10.0366 4020 RasAuto - ok 23:01:10.0381 4020 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:01:10.0381 4020 Rasl2tp - ok 23:01:10.0428 4020 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 23:01:10.0428 4020 RasMan - ok 23:01:10.0444 4020 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:01:10.0444 4020 RasPppoe - ok 23:01:10.0475 4020 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:01:10.0475 4020 RasSstp - ok 23:01:10.0522 4020 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:01:10.0522 4020 rdbss - ok 23:01:10.0553 4020 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:01:10.0553 4020 rdpbus - ok 23:01:10.0584 4020 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:01:10.0584 4020 RDPCDD - ok 23:01:10.0631 4020 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 23:01:10.0631 4020 RDPDR - ok 23:01:10.0662 4020 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:01:10.0662 4020 RDPENCDD - ok 23:01:10.0693 4020 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:01:10.0693 4020 RDPREFMP - ok 23:01:10.0802 4020 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 23:01:10.0802 4020 RdpVideoMiniport - ok 23:01:10.0849 4020 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:01:10.0849 4020 RDPWD - ok 23:01:10.0912 4020 [ 
518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:01:10.0912 4020 rdyboost - ok 23:01:10.0927 4020 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 23:01:10.0927 4020 RemoteAccess - ok 23:01:10.0974 4020 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:01:10.0974 4020 RemoteRegistry - ok 23:01:11.0005 4020 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 23:01:11.0005 4020 RFCOMM - ok 23:01:11.0068 4020 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 23:01:11.0068 4020 ROOTMODEM - ok 23:01:11.0114 4020 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:01:11.0114 4020 RpcEptMapper - ok 23:01:11.0146 4020 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 23:01:11.0146 4020 RpcLocator - ok 23:01:11.0161 4020 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 23:01:11.0161 4020 RpcSs - ok 23:01:11.0224 4020 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:01:11.0224 4020 rspndr - ok 23:01:11.0255 4020 [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 23:01:11.0255 4020 RTL8167 - ok 23:01:11.0302 4020 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 23:01:11.0302 4020 s3cap - ok 23:01:11.0317 4020 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 23:01:11.0317 4020 SamSs - ok 23:01:11.0348 4020 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:01:11.0348 4020 sbp2port - ok 23:01:11.0380 4020 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:01:11.0380 4020 SCardSvr - ok 23:01:11.0411 4020 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:01:11.0411 4020 scfilter - ok 
23:01:11.0442 4020 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
23:01:11.0458 4020 Schedule - ok
23:01:11.0473 4020 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:01:11.0473 4020 SCPolicySvc - ok
23:01:11.0504 4020 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
23:01:11.0504 4020 sdbus - ok
23:01:11.0551 4020 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:01:11.0551 4020 SDRSVC - ok
23:01:11.0582 4020 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:01:11.0582 4020 secdrv - ok
23:01:11.0614 4020 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
23:01:11.0614 4020 seclogon - ok
23:01:11.0629 4020 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
23:01:11.0629 4020 SENS - ok
23:01:11.0707 4020 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:01:11.0707 4020 SensrSvc - ok
23:01:11.0723 4020 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:01:11.0723 4020 Serenum - ok
23:01:11.0754 4020 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:01:11.0754 4020 Serial - ok
23:01:11.0801 4020 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:01:11.0801 4020 sermouse - ok
23:01:11.0879 4020 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
23:01:11.0894 4020 ServiceLayer - ok
23:01:11.0941 4020 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
23:01:11.0941 4020 SessionEnv - ok
23:01:11.0972 4020 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:01:11.0972 4020 sffdisk - ok
23:01:11.0988 4020 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:01:11.0988 4020 sffp_mmc - ok
23:01:12.0004 4020 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:01:12.0019 4020 sffp_sd - ok
23:01:12.0035 4020 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:01:12.0035 4020 sfloppy - ok
23:01:12.0082 4020 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:01:12.0082 4020 ShellHWDetection - ok
23:01:12.0097 4020 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:01:12.0113 4020 sisagp - ok
23:01:12.0128 4020 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:01:12.0128 4020 SiSRaid2 - ok
23:01:12.0160 4020 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:01:12.0160 4020 SiSRaid4 - ok
23:01:12.0253 4020 [ CA355B308AA537C6B9D67CD3A5485AF9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
23:01:12.0253 4020 SkypeUpdate - ok
23:01:12.0284 4020 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:01:12.0284 4020 Smb - ok
23:01:12.0331 4020 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:01:12.0331 4020 SNMPTRAP - ok
23:01:12.0362 4020 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
23:01:12.0362 4020 spldr - ok
23:01:12.0409 4020 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
23:01:12.0409 4020 Spooler - ok
23:01:12.0518 4020 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
23:01:12.0550 4020 sppsvc - ok
23:01:12.0565 4020 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:01:12.0565 4020 sppuinotify - ok
23:01:12.0596 4020 [ C71392156FF968D94A11872C8D693953 ] sptd C:\Windows\System32\Drivers\sptd.sys
23:01:12.0612 4020 sptd - ok
23:01:12.0643 4020 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:01:12.0643 4020 srv - ok
23:01:12.0706 4020 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:01:12.0721 4020 srv2 - ok
23:01:12.0737 4020 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:01:12.0737 4020 srvnet - ok
23:01:12.0784 4020 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:01:12.0784 4020 SSDPSRV - ok
23:01:12.0799 4020 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:01:12.0799 4020 SstpSvc - ok
23:01:12.0830 4020 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:01:12.0830 4020 stexstor - ok
23:01:12.0877 4020 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
23:01:12.0877 4020 StiSvc - ok
23:01:12.0908 4020 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
23:01:12.0908 4020 storflt - ok
23:01:12.0955 4020 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:01:12.0955 4020 storvsc - ok
23:01:12.0971 4020 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
23:01:12.0971 4020 swenum - ok
23:01:13.0002 4020 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
23:01:13.0002 4020 swprv - ok
23:01:13.0018 4020 Synth3dVsc - ok
23:01:13.0064 4020 [ 964524A9EDCCE945E82419ABE9DB94EE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:01:13.0064 4020 SynTP - ok
23:01:13.0127 4020 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
23:01:13.0127 4020 SysMain - ok
23:01:13.0158 4020 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:01:13.0158 4020 TabletInputService - ok
23:01:13.0189 4020 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
23:01:13.0205 4020 TapiSrv - ok
23:01:13.0220 4020 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
23:01:13.0220 4020 TBS - ok
23:01:13.0283 4020 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:01:13.0298 4020 Tcpip - ok
23:01:13.0330 4020 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:01:13.0330 4020 TCPIP6 - ok
23:01:13.0376 4020 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:01:13.0376 4020 tcpipreg - ok
23:01:13.0423 4020 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:01:13.0423 4020 TDPIPE - ok
23:01:13.0439 4020 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:01:13.0439 4020 TDTCP - ok
23:01:13.0486 4020 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:01:13.0486 4020 tdx - ok
23:01:13.0517 4020 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
23:01:13.0517 4020 TermDD - ok
23:01:13.0564 4020 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
23:01:13.0564 4020 TermService - ok
23:01:13.0595 4020 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
23:01:13.0595 4020 Themes - ok
23:01:13.0626 4020 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
23:01:13.0626 4020 THREADORDER - ok
23:01:13.0688 4020 [ E4C85C291DDB3DC5E4A2F227CA465BA6 ] tifm21 C:\Windows\system32\drivers\tifm21.sys
23:01:13.0704 4020 tifm21 - ok
23:01:13.0782 4020 [ 3C47A2841BB479201CB356285BC2B18E ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
23:01:13.0782 4020 TOSHIBA Bluetooth Service - ok
23:01:13.0829 4020 [ 90AFA1A4451BBBEE87C9F18A665D8121 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
23:01:13.0829 4020 tosporte - ok
23:01:13.0876 4020 [ EB38D3D0EEF0588A4C0AEAF2825C066A ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
23:01:13.0891 4020 tosrfbd - ok
23:01:13.0907 4020 [ 75CD3C238A0FFC66C4581C3870C09314 ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
23:01:13.0907 4020 tosrfbnp - ok
23:01:13.0922 4020 [ B551D3F266DDA311256F963E8CFD1E9B ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
23:01:13.0922 4020 Tosrfcom - ok
23:01:13.0954 4020 [ 8A555DCF3DDAD3965DA11550491408F8 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
23:01:13.0954 4020 tosrfec - ok
23:01:13.0969 4020 [ F3E8762163EE87F3AC95537584CF5B4F ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
23:01:13.0969 4020 Tosrfhid - ok
23:01:14.0016 4020 [ B2A1A6538245FD69578224BBF2FD4677 ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
23:01:14.0016 4020 tosrfnds - ok
23:01:14.0032 4020 [ 3DE5CBB4F8EB64563CE08E8EC7458D03 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
23:01:14.0032 4020 TosRfSnd - ok
23:01:14.0063 4020 [ 60380640BAF7700A19E9BF8C939EA958 ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
23:01:14.0078 4020 Tosrfusb - ok
23:01:14.0110 4020 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
23:01:14.0110 4020 TrkWks - ok
23:01:14.0156 4020 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:01:14.0156 4020 TrustedInstaller - ok
23:01:14.0203 4020 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:01:14.0203 4020 tssecsrv - ok
23:01:14.0219 4020 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:01:14.0219 4020 TsUsbFlt - ok
23:01:14.0234 4020 tsusbhub - ok
23:01:14.0281 4020 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:01:14.0281 4020 tunnel - ok
23:01:14.0312 4020 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23:01:14.0312 4020 TVALZ - ok
23:01:14.0344 4020 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:01:14.0344 4020 uagp35 - ok
23:01:14.0375 4020 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:01:14.0390 4020 udfs - ok
23:01:14.0422 4020 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:01:14.0422 4020 UI0Detect - ok
23:01:14.0453 4020 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:01:14.0453 4020 uliagpkx - ok
23:01:14.0500 4020 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
23:01:14.0500 4020 umbus - ok
23:01:14.0531 4020 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:01:14.0531 4020 UmPass - ok
23:01:14.0578 4020 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
23:01:14.0593 4020 UmRdpService - ok
23:01:14.0609 4020 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
23:01:14.0609 4020 upnphost - ok
23:01:14.0671 4020 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
23:01:14.0687 4020 upperdev - ok
23:01:14.0749 4020 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:01:14.0749 4020 USBAAPL - ok
23:01:14.0812 4020 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:01:14.0812 4020 usbaudio - ok
23:01:14.0843 4020 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:01:14.0843 4020 usbccgp - ok
23:01:14.0874 4020 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:01:14.0890 4020 usbcir - ok
23:01:14.0905 4020 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:01:14.0905 4020 usbehci - ok
23:01:14.0921 4020 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:01:14.0921 4020 usbhub - ok
23:01:14.0952 4020 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:01:14.0952 4020 usbohci - ok
23:01:14.0999 4020 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:01:14.0999 4020 usbprint - ok
23:01:15.0030 4020 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:01:15.0030 4020 usbscan - ok
23:01:15.0092 4020 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\Windows\system32\DRIVERS\usbser.sys
23:01:15.0092 4020 usbser - ok
23:01:15.0124 4020 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
23:01:15.0124 4020 UsbserFilt - ok
23:01:15.0155 4020 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:01:15.0155 4020 USBSTOR - ok
23:01:15.0155 4020 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:01:15.0155 4020 usbuhci - ok
23:01:15.0217 4020 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
23:01:15.0217 4020 usbvideo - ok
23:01:15.0248 4020 [ 0D09F77F46DD3BE73C3E5949428D6995 ] UVCFTR C:\Windows\system32\DRIVERS\UVCFTR_S.SYS
23:01:15.0248 4020 UVCFTR - ok
23:01:15.0280 4020 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
23:01:15.0280 4020 UxSms - ok
23:01:15.0295 4020 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
23:01:15.0295 4020 VaultSvc - ok
23:01:15.0326 4020 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:01:15.0326 4020 vdrvroot - ok
23:01:15.0373 4020 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
23:01:15.0373 4020 vds - ok
23:01:15.0404 4020 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:01:15.0420 4020 vga - ok
23:01:15.0436 4020 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:01:15.0436 4020 VgaSave - ok
23:01:15.0451 4020 VGPU - ok
23:01:15.0482 4020 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:01:15.0482 4020 vhdmp - ok
23:01:15.0529 4020 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:01:15.0529 4020 viaagp - ok
23:01:15.0545 4020 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
23:01:15.0545 4020 ViaC7 - ok
23:01:15.0560 4020 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
23:01:15.0560 4020 viaide - ok
23:01:15.0592 4020 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:01:15.0592 4020 vmbus - ok
23:01:15.0607 4020 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:01:15.0607 4020 VMBusHID - ok
23:01:15.0638 4020 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:01:15.0638 4020 volmgr - ok
23:01:15.0685 4020 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:01:15.0685 4020 volmgrx - ok
23:01:15.0748 4020 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:01:15.0748 4020 volsnap - ok
23:01:15.0763 4020 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:01:15.0779 4020 vsmraid - ok
23:01:15.0826 4020 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
23:01:15.0841 4020 VSS - ok
23:01:15.0857 4020 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:01:15.0857 4020 vwifibus - ok
23:01:15.0950 4020 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
23:01:15.0950 4020 W32Time - ok
23:01:15.0997 4020 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:01:15.0997 4020 WacomPen - ok
23:01:16.0044 4020 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:01:16.0044 4020 WANARP - ok
23:01:16.0044 4020 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:01:16.0044 4020 Wanarpv6 - ok
23:01:16.0122 4020 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:01:16.0153 4020 WatAdminSvc - ok
23:01:16.0200 4020 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
23:01:16.0216 4020 wbengine - ok
23:01:16.0247 4020 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:01:16.0262 4020 WbioSrvc - ok
23:01:16.0294 4020 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:01:16.0294 4020 wcncsvc - ok
23:01:16.0309 4020 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:01:16.0325 4020 WcsPlugInService - ok
23:01:16.0340 4020 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:01:16.0356 4020 Wd - ok
23:01:16.0403 4020 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:01:16.0403 4020 Wdf01000 - ok
23:01:16.0418 4020 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:01:16.0418 4020 WdiServiceHost - ok
23:01:16.0434 4020 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:01:16.0434 4020 WdiSystemHost - ok
23:01:16.0481 4020 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
23:01:16.0481 4020 WebClient - ok
23:01:16.0512 4020 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:01:16.0528 4020 Wecsvc - ok
23:01:16.0528 4020 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:01:16.0528 4020 wercplsupport - ok
23:01:16.0574 4020 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
23:01:16.0574 4020 WerSvc - ok
23:01:16.0621 4020 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:01:16.0621 4020 WfpLwf - ok
23:01:16.0637 4020 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:01:16.0637 4020 WIMMount - ok
23:01:16.0652 4020 WinHttpAutoProxySvc - ok
23:01:16.0824 4020 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:01:16.0855 4020 Winmgmt - ok
23:01:17.0011 4020 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
23:01:17.0027 4020 WinRM - ok
23:01:17.0120 4020 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:01:17.0120 4020 WinUsb - ok
23:01:17.0276 4020 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:01:17.0276 4020 Wlansvc - ok
23:01:17.0339 4020 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:01:17.0354 4020 WmiAcpi - ok
23:01:17.0417 4020 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:01:17.0417 4020 wmiApSrv - ok
23:01:17.0526 4020 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:01:17.0542 4020 WMPNetworkSvc - ok
23:01:17.0573 4020 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:01:17.0573 4020 WPCSvc - ok
23:01:17.0635 4020 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:01:17.0635 4020 WPDBusEnum - ok
23:01:17.0666 4020 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:01:17.0666 4020 ws2ifsl - ok
23:01:17.0682 4020 WSearch - ok
23:01:17.0729 4020 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:01:17.0729 4020 WudfPf - ok
23:01:17.0744 4020 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:01:17.0744 4020 WUDFRd - ok
23:01:17.0791 4020 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:01:17.0807 4020 wudfsvc - ok
23:01:17.0838 4020 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:01:17.0838 4020 WwanSvc - ok
23:01:17.0900 4020 ================ Scan global ===============================
23:01:17.0947 4020 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:01:17.0978 4020 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
23:01:17.0994 4020 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
23:01:18.0010 4020 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:01:18.0041 4020 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:01:18.0056 4020 [Global] - ok
23:01:18.0056 4020 ================ Scan MBR ==================================
23:01:18.0056 4020 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:01:18.0446 4020 \Device\Harddisk0\DR0 - ok
23:01:18.0446 4020 ================ Scan VBR ==================================
23:01:18.0446 4020 [ D87792B19FFCDD3F4C9A3EAA344A553F ] \Device\Harddisk0\DR0\Partition1
23:01:18.0446 4020 \Device\Harddisk0\DR0\Partition1 - ok
23:01:18.0462 4020 [ 9FF70B442212E7C2E57E9227543A768E ] \Device\Harddisk0\DR0\Partition2
23:01:18.0462 4020 \Device\Harddisk0\DR0\Partition2 - ok
23:01:18.0478 4020 [ 78B7133D03728119F5339C503FBF52F7 ] \Device\Harddisk0\DR0\Partition3
23:01:18.0493 4020 \Device\Harddisk0\DR0\Partition3 - ok
23:01:18.0493 4020 ============================================================
23:01:18.0493 4020 Scan finished
23:01:18.0493 4020 ============================================================
23:01:18.0509 1880 Detected object count: 1
23:01:18.0509 1880 Actual detected object count: 1
23:01:36.0386 1880 C:\Windows\system32\DRIVERS\dtsoftbus01.sys - copied to quarantine
23:01:37.0915 1880 C:\Windows\$NtUninstallKB11901$\4166637092\@ - copied to quarantine
23:01:37.0915 1880 C:\Windows\$NtUninstallKB11901$\4166637092\Desktop.ini - copied to quarantine
23:01:37.0915 1880 C:\Windows\$NtUninstallKB11901$\4166637092\L\00000004.@ - copied to quarantine
23:01:37.0946 1880 C:\Windows\$NtUninstallKB11901$\4166637092\L\201d3dde - copied to quarantine
23:01:37.0962 1880 C:\Windows\$NtUninstallKB11901$\4166637092\L\76603ac3 - copied to quarantine
23:01:37.0978 1880 C:\Windows\$NtUninstallKB11901$\4166637092\L\xadqgnnk - copied to quarantine
23:01:38.0009 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\00000004.@ - copied to quarantine
23:01:38.0024 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\00000008.@ - copied to quarantine
23:01:38.0040 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\000000cb.@ - copied to quarantine
23:01:38.0040 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\80000000.@ - copied to quarantine
23:01:38.0040 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\80000032.@ - copied to quarantine
23:01:38.0867 1880 Backup copy found, using it..
23:01:38.0898 1880 C:\Windows\system32\DRIVERS\dtsoftbus01.sys - will be cured on reboot
23:01:38.0945 1880 C:\Windows\$NtUninstallKB11901$\2469768004 - will be deleted on reboot
23:01:38.0945 1880 C:\Windows\$NtUninstallKB11901$\4166637092\@ - will be deleted on reboot
23:01:38.0945 1880 C:\Windows\$NtUninstallKB11901$\4166637092\Desktop.ini - will be deleted on reboot
23:01:38.0960 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\00000004.@ - will be deleted on reboot
23:01:38.0960 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\00000008.@ - will be deleted on reboot
23:01:38.0960 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\000000cb.@ - will be deleted on reboot
23:01:38.0960 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\80000000.@ - will be deleted on reboot
23:01:38.0960 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\80000032.@ - will be deleted on reboot
23:01:38.0976 1880 dtsoftbus01 ( Virus.Win32.ZAccess.aml ) - User select action: Cure
23:01:43.0641 0192 Deinitialize success
  9. Hello, I was unable to complete the steps required before posting. I suppose it is because of the infection. I am posting this from a different computer. I did a scan of my machine with MS Security Essentials (I removed the infected HDD and scanned it as an external HDD from a different computer) and it reported that a Trojan Dropper Win32 sirefef gen B had been found, sort of removed it, but it didn't work. Now it seems that I can't download any files on the infected machine without Chrome telling me that they are infected and not allowing me to run them. Also my AVG free is detecting new infections (as I understand it, this Trojan Dropper is installing new viruses or other malicious software). What can I do to fix this? Please help.